I am using Reporting Services for SQL Server 2016. If we want to enter a new user and gives him permissions on reports we know that we can use report service interface in order to enter a new user which will be tested if it really exists else the message user or group name is not recognized is displayed.
Is there away to enter permissions for a user that doesn't exist yet? I mean a user which it's Sid is null
Use Active Directory. Set up a group, such as "SSRS Browsers", within AD. Ensure any and all users who require access to the reports (including new users) are listed in this group. Then give the AD group the right level of access within SSRS itself.
Related
I need some help with this error: The user does not have the required permissions. Verify that sufficient permissions have been granted and that the Windows User Account Control (UAC) restrictions have been handled.
Im executing ie as administrator.
Thanks!
By your comment I believe you are looking for NTFS permission and not the Reporting Services permissions. Try this:
'Run as' administrator IE and open your http://localhost/Reports (or whatever is the URL)
In the top right corner click on 'Site Setting' (http://localhost/Reports/Pages/Settings.aspx)
Check the 'Security' settings (http://localhost/Reports/Pages/Settings.aspx?SelectedSubTabId=SecurityLinkID)
After you set the permissions how you need, relaunch the browser without with your normal account and try it.
For more information about how to set the permissions read here: https://msdn.microsoft.com/en-us/library/ms156034(v=sql.110).aspx
To add a user or group to a system role
Start Report Manager (SSRS).
Click Site Settings.
Click Security.
Click New Role Assignment.
In Group or user name, enter a Windows domain user or group account
in this format: \. If you are using forms
authentication or custom security, specify the user or group account
in the format that is correct for your deployment.
Select a system role, and then click OK. [Roles are cumulative, so if you select both System Administrator and System User, a user or
group will be able to perform the tasks in both roles.]
Repeat to create assignments for additional users or groups.
To add a user or group to an item role
Start Report Manager and locate the report item for which you want
to add a user or group.
Hover over the item, and click the drop-down arrow.
In the drop-down menu, click Security.
Click New Role Assignment.
Note If an item currently inherits security from a parent item, click Edit Item Security in the toolbar to change the security settings.
Then click New Role Assignment.
In Group or user name, enter a Windows domain user or group account
in this format: \. If you are using forms
authentication or custom security, specify the user or group account
in the format that is correct for your deployment.
Select one or more role definitions that describe how the user or
group should access the item, and then click OK.
Repeat to create assignments for additional users or groups.
I have deployed some reports. I have a user (among others) which is included in a group. I would like to grant access permission to all the users from this group to be able to execute report (to see the reports deployed). So from Reporting Services administrator page (http://localhost/Reports), I go to site configuration, then Security, and I click on new role assignment, I added the group with "System User" role.
Using a user that belongs to this group, I login into windows, then I open internet explorer browser, put the address:
http://ip:80/ReportServer
A window appear prompting a user and password. I enter one user that is administrator. Then a page with the reports deployed appears. Ok, I can see the reports deployed. So I click on one of them and I get the message error below:
Reporting Services Error
this report requires a default or user-defined value for the report parameter
Then I go to internet explorer options, and I add the address as trusted zone. Then reload the report and it works.
However, when I enter the address and use the user that belongs to the group (and it is not administrator) in the login page, an error is shown and the reports page does not appear:
The permissions granted to user 'domain\username' are insufficient for performing this operation. (rsAccessDenied)
I want to access these reports by using a Simple user account which has not administrator role. In that scenario how we can use this?
Any help will be highly appreciated.
Sounds like they aren't actually being given permission to the Report folders or the report itself. The Site Setting -> Security is only for accessing the report server's site itself. After that they need permission to the folders and reports. With an Admin click Fodler Settings and then Security. Add their security group to the folder and the report by default should inherit the folder's permission. If it doesn't work then check the report itself. To access the report's settings, you'll either need IE to open the dropdown in the folder view, or open the report in any other browser. After it loads in the upper left you should see Home > FolderName > ReportName. Click the report's name and it'll take you to it's setting page where you can change the security.
I am looking for a way to assign a windows user/group access to a hub or Datazen dashboard, similar to the way in SSRS we can assign user/group access on a report or report folder.
Rahul,
First, you either need to be the admin to the server or have "IS OWNER" permissions to a hub to be able to carry out any admin tasks such as adding users or assigning permissions.
Now, things are a little different in datazen from SSRS, at least for now, this might change after SQL Server 2016 release where datazen will be integrated with SQL Server and will be called Mobile Reports.
I am assuming you have already created users in Datazen and would like to assign them to a group and give group access/permissions.
-Click on the Hub name you would like to go to.
-Click on "User Groups" in left hand panel.
-Click on "Create New User Group" located on top right of the screen.
-Enter Group Name
(the group you created will appear after you create it)
- Click on "Users..." option for that Group.
- Check all the users that need to be assigned to that group.
Click on "Permissions" in left hand panel.
(Dashboards option is selected by default. You could either select a single dashboard or the dashboard group folder in the drop down box labeled "Dashboards & Dashboard Groups")
Select User Group/Users option in drop down box labeled "Set permissions for:"
Check the box next to the group that needs to be allowed access to.
Unfortunately, there is no possibility to add a windows user group in Datazen.
Datazen has a different paradigm as SSRS.
The only way is to create "local" groups in datazen as Maraduarz already wrote.
Best Regards
Daniel
Is there a way to provide generic permissions for users to run reports stored in the Report Manager? I can see how to provide access on an individual user basis via Manage -> Security -> New Role Assignment, by adding the User's Windows login name and assigning them to the Browser role for the report. (Report Manager already knows the domain name).
However, we don't want to be continually having to manage this for each new user. I want anyone under that domain name to have access without needing to configure it. I had hoped that just adding the domain name as a 'user' to the Browser role for that report would do it, but to no avail.
You can add any domain group that has been set up, not just individual users, or you can simply add all domain users, i.e. MYDOMAIN\Domain Users to the Browser role, which seems to be what you're after.
However, I would recommend creating a generic user group like MYDOMAIN\SSRSReportUsers or something like that and adding this group to the browser role instead of MYDOMAIN\Domain Users, as adding all users to the Report Server seems like it doesn't give you many options to manage this in any sort of granular way.
I have a SQL 2008r2 report server where, despite having the appropriate ROLE permissions assigned within the RS, you can not view a report/folders Properties, unless you are also a member of the administrator group on the server. You can view the report itself, but not the Properites tab. When viewing the Properties tab, an rsAccessDenied error is shown with the message "The permissions granted to user 'XXX\XXX' are insufficient for performing this operation."
My understanding is that just being a member of the Browser role should be sufficient to view a reports properties, and the account actually is member of all roles (Content Manager, Publisher, Broweser, etc), so that isn't the issue, so why would you also need to be a member of the administrator group on the server?
Given that everything is being done from a browser on a remote computer, I'm at a bit of a loss as to what the Properties tab is doing that requires the extra permissions.
Anyone know what's going on and what needs to be changed so that the user doens't need any permissions on the server itself?
I had a similar problem where I didn't have access to the Properties-tab or the Data Sources-tab but adding my user to Administrators did not solve the issue. However all my role assignments were on a subfolder and when I was added to root/home with role "Browser" it suddenly started working. Even without me being an admin on the RS Server.
According to Microsoft documentation, you need higher privileges to achieve that :
http://technet.microsoft.com/en-us/library/ms157363(v=sql.105)
Browser role only enables you to navigate through folder structure and view/subscribe to reports. You need the "Content Manager Role" to achieve what you want.